Package: roundup Version: 1.2.1-5+etch1 Severity: grave Tags: patch Justification: renders package unusable
Hi The recent security update into etch, 1.2.1-5+etch1 breaks the page rendering (templating) of roundup making all the trackers it runs useless. For the benefit of search engines, here the last part of the traceback: [...] File "<string>", line 2, in f File "/usr/lib/python2.4/site-packages/roundup/cgi/templating.py", line 1200, in __str__ return self.plain() File "/usr/lib/python2.4/site-packages/roundup/cgi/templating.py", line 1760, in plain if escape: NameError: global name 'escape' is not defined Comparing the code of templating.py with the previous version makes the fix obvious luckily. In templating.py on line 2698 change: def plain(self): back into: def plain(self, escape=0): Note that I didn't cross-check the CVE (it mentions escaping user input in #472643) so maybe defaulting to the old '0' is not correct and it should be '1' to fix the CVE. I don't know that much about it, all I know is that I want a working system (and since it's internal I trust my users...) Regards Floris -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages roundup depends on: ii python 2.4.4-2 An interactive high-level object-o ii python-central 0.5.12 register and build utility for Pyt roundup recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]